Join CentOS 7 Desktop to Samba4 AD as a Domain Member – Part 9

This guide will describe how you can integrate CentOS 7 Desktop to Samba4 Active Directory Domain Controller with Authconfig-gtk in order to authenticate users across your network infrastructure from a single centralized account database held by Samba.

Requirements

Step 1: Configure CentOS Network for Samba4 AD DC

1. Before starting to join CentOS 7 Desktop to a Samba4 domain you need to assure that the network is properly setup to query domain via DNS service.

Open Network Settings and turn off the Wired network interface if enabled. Hit on the lower Settings button as illustrated in the below screenshots and manually edit your network settings, especially the DNS IPs that points to your Samba4 AD DC.

When you finish, Apply the configurations and turn on your Network Wired Card.

Network Settings

Configure Network

2. Next, open your network interface configuration file and add a line at the end of file with the name of your domain. This line assures that the domain counterpart is automatically appended by DNS resolution (FQDN) when you use only a short name for a domain DNS record.

$ sudo vi /etc/sysconfig/network-scripts/ifcfg-eno16777736

Add the following line:

SEARCH="your_domain_name"

Network Interface Configuration

3. Finally, restart the network services to reflect changes, verify if the resolver configuration file is correctly configured and issue a series of ping commands against your DCs short names and against your domain name in order to verify if DNS resolution is working.

Other Authentication Options = check Create home directories on the first login

Authentication Advance Configuration

9. After you’ve added all required values, return to Identity & Authentication tab and hit on Join Domain button and the Save button from alert window to save settings.

Identity and Authentication

Save Authentication Configuration

10. After the configuration has been saved you will be asked to provide a domain administrator account in order to join the domain. Supply the credentials for a domain administrator user and hit OK button to finally join the domain.

Joining Winbind Domain

11. After your machine has been integrated into the realm, hit on Apply button to reflect changes, close all windows and reboot the machine.

Apply Authentication Configuration

12. In order to verify if the system has been joined to Samba4 AD DC open AD Users and Computers from a Windows machine with RSAT tools installed and navigate to your domain Computers container.

The name of your CentOS machine should be listed on the right plane.

Active Directory Users and Computers

Step 4: Login to CentOS Desktop with a Samba4 AD DC Account

13. In order to login to CentOS Desktop hit on Not listed? link and add the username of a domain account preceded by the domain counterpart as illustrated below.

16. To display a summary about the domain controller use the following command:

$ sudo net ads info

Check Domain Controller Info

17. In order to verify if the trust machine account created when CentOS was added to the Samba4 AD DC is functional and list domain accounts from command line install Winbind client by issuing the below command:

$ sudo yum install samba-winbind-clients

Then issue a series of checks against Samba4 AD DC by executing the following commands:

18. In case you want to leave the domain issue the following command against your domain name by using an domain account with administrator privileges:

$ sudo net ads leave your_domain -U domain_admin_username

Leave Domain from Samba4 AD

That’s all! Although this procedure is focused on joining CentOS 7 to a Samba4 AD DC, the same steps described in this documentation are also valid for integrating a CentOS 7 Desktop machine to a Microsoft Windows Server 2008 or 2012 domain.

For NTP date you should use chrony. It is the default for Rhel 7 and centos. Net ads were cool for centos 6 but for Rhel and centos 7 try using the Realm client utility. You can do everything you showed in one line.